KubeZero/charts/kubezero-istio/templates/istio.yaml

140 lines
3.9 KiB
YAML
Raw Normal View History

2020-07-21 17:30:21 +00:00
apiVersion: install.istio.io/v1alpha1
kind: IstioOperator
metadata:
name: kubezero-istio
namespace: istio-system
2020-08-06 17:43:59 +00:00
labels:
{{ include "kubezero-lib.labels" . | indent 4 }}
2020-07-21 17:30:21 +00:00
spec:
profile: empty
components:
ingressGateways:
- enabled: true
k8s:
2020-07-21 23:08:19 +00:00
replicaCount: {{ .Values.ingress.replicaCount }}
{{- if .Values.ingress.autoscaleEnabled }}
2020-07-21 17:30:21 +00:00
hpaSpec:
maxReplicas: 5
metrics:
- resource:
name: cpu
targetAverageUtilization: 80
type: Resource
minReplicas: 1
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: istio-ingressgateway
2020-07-21 23:08:19 +00:00
{{- end }}
env:
2020-09-11 11:08:58 +00:00
# https://github.com/istio/istio/issues/26524, not in 1.7 !
#- name: TERMINATION_DRAIN_DURATION_SECONDS
# value: "60"
2020-07-21 23:08:19 +00:00
- name: ISTIO_META_HTTP10
value: '"1"'
- name: ISTIO_META_ROUTER_MODE
value: standard
2020-09-11 11:08:58 +00:00
#- name: ISTIO_META_IDLE_TIMEOUT
# value: "3600s"
2020-07-23 14:52:11 +00:00
{{- if eq .Values.ingress.type "NodePort" }}
2020-07-21 17:30:21 +00:00
nodeSelector:
node.kubernetes.io/ingress.public: "30080_30443"
2020-07-23 14:52:11 +00:00
{{- end }}
2020-07-21 17:30:21 +00:00
resources:
limits:
2020-09-11 11:23:08 +00:00
#cpu: 2000m
2020-07-21 17:30:21 +00:00
memory: 1024Mi
requests:
cpu: 100m
memory: 64Mi
2020-07-21 17:30:21 +00:00
strategy:
rollingUpdate:
maxSurge: 100%
maxUnavailable: 25%
overlays:
- apiVersion: apps/v1
kind: Deployment
name: istio-ingressgateway
patches:
- path: spec.template.spec.containers.[name:istio-proxy].lifecycle
value: {"preStop": {"exec": {"command": ["sh", "-c", "curl -X POST http://localhost:15000/healthcheck/fail && sleep 30"]}}}
- path: spec.template.spec.terminationGracePeriodSeconds
value: 90
2020-07-21 17:30:21 +00:00
name: istio-ingressgateway
pilot:
enabled: true
k8s:
2020-07-21 23:08:19 +00:00
replicaCount: {{ .Values.istiod.replicaCount }}
2020-07-21 17:30:21 +00:00
nodeSelector:
node-role.kubernetes.io/master: ""
2020-07-21 23:08:19 +00:00
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
2020-07-21 17:30:21 +00:00
resources:
requests:
cpu: 100m
memory: 128Mi
policy:
enabled: true
k8s:
2020-07-21 23:08:19 +00:00
replicaCount: {{ .Values.istiod.replicaCount }}
2020-07-21 17:30:21 +00:00
nodeSelector:
node-role.kubernetes.io/master: ""
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
2020-07-21 23:08:19 +00:00
2020-07-21 17:30:21 +00:00
telemetry:
enabled: false
2020-09-11 14:22:34 +00:00
meshConfig:
accessLogFile: /dev/stdout
2020-09-11 14:39:47 +00:00
accessLogEncoding: 'JSON'
h2UpgradePolicy: 'DO_NOT_UPGRADE'
2020-09-17 16:54:57 +00:00
tcpKeepalive:
interval: 30s
time: 60s
2020-07-21 17:30:21 +00:00
values:
gateways:
istio-ingressgateway:
2020-07-21 23:08:19 +00:00
autoscaleEnabled: {{ .Values.ingress.autoscaleEnabled }}
2020-07-21 17:30:21 +00:00
externalTrafficPolicy: Local
labels:
app: istio-ingressgateway
istio: ingressgateway
meshExpansionPorts: []
podAntiAffinityLabelSelector:
- key: app
operator: In
topologyKey: kubernetes.io/hostname
values: istio-ingressgateway
2020-07-23 14:52:11 +00:00
type: {{ default "NodePort" .Values.ingress.type }}
2020-07-21 17:30:21 +00:00
ports:
- name: http-status
port: 15021
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30021
{{- end }}
2020-07-21 17:30:21 +00:00
- name: http2
port: 80
2020-09-11 14:45:04 +00:00
targetPort: 8080
2020-07-23 14:52:11 +00:00
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30080
{{- end }}
2020-07-21 17:30:21 +00:00
- name: https
port: 443
2020-09-11 14:45:04 +00:00
targetPort: 8443
2020-07-23 14:52:11 +00:00
{{- if eq .Values.ingress.type "NodePort" }}
nodePort: 30443
{{- end }}
2020-07-21 17:30:21 +00:00
global:
jwtPolicy: first-party-jwt
2020-09-11 11:08:58 +00:00
logAsJson: true
defaultPodDisruptionBudget:
enabled: false
2020-07-21 17:30:21 +00:00
pilot:
2020-07-21 23:08:19 +00:00
autoscaleEnabled: false
mixer:
policy:
autoscaleEnabled: false